| 2.2.10 Ensure HTTP server is not enabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Ensure 'passwordFormat' is not set to clear | CIS IIS 8.0 v1.5.1 Level 1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.7 Ensure 'passwordFormat' is not set to clear - Applications | CIS IIS 7 L1 v1.8.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd services are running as apache user' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf User = apache' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf User = apache' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf User = apache' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 5.5 Ensure the Default CGI Content printenv Script Is Removed | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5 Ensure the Default CGI Content printenv Script Is Removed | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 5.5 Ensure the Default CGI Content printenv Script Is Removed | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 5.6 Ensure the Default CGI Content test-cgi Script Is Removed | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 5.6 Ensure the Default CGI Content test-cgi Script Is Removed | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 11.2 Ensure Apache Processes Run in the httpd_t Confined Context | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000730 - The Apache web server must be configured to integrate with an organizations security infrastructure. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000730 - The Apache web server must be configured to integrate with an organizations security infrastructure. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| AS24-W1-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000730 - The Apache web server must be configurable to integrate with an organizations security infrastructure. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000730 - The Apache web server must be configurable to integrate with an organizations security infrastructure. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000940 - All accounts installed with the Apache web server software and tools must have passwords assigned and default passwords changed. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| JUEX-RT-000270 - The Juniper router must be configured to have all nonessential capabilities disabled. | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| OH12-1X-000003 - OHS must have the MaxClients directive defined to limit the number of allowed simultaneous requests. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000004 - OHS must limit the number of threads within a worker process to limit the number of allowed simultaneous requests - ThreadsPerChild | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000082 - OHS must be configured to store access log files to an appropriate storage device from which other tools can be configured to reference those log files for diagnostic/forensic purposes. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-70-000001 - ESX Agent Manager must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | ACCESS CONTROL |
| VCFL-67-000023 - vSphere Client must not show directory listings. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLU-70-000001 - Lookup Service must limit the amount of time that each Transport Control Protocol (TCP) connection is kept alive - TCP connection is kept alive. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | ACCESS CONTROL |
| VCPF-80-000125 The vCenter Perfcharts service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | ACCESS CONTROL |
| VCST-67-000024 - The Security Token Service must be configured to show error pages with minimal information. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000021 - The vSphere UI must not show directory listings. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000022 - vSphere UI must be configured to hide the server version. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-70-000025 - vSphere UI must be configured to show error pages with minimal information. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - '-ExecCGI' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - 'SetHandler' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'ASP Default Language set to VBScript' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'AspScriptTimeout set to 90 or less' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'Execute Permissions set 'Script only' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'Virtual Directories - ASP Default Language set to VBScript' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'Virtual Directories - AspScriptTimeout set to 90 or less' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
